Insufficient Input Validation in Cisco's Evolved Programmable Network Manager and Prime Infrastructure
CVE-2025-20269

6.5MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Evolved Programmable Network Manager (epnm); Cisco Prime Infrastructure
Vendor: CVE Published:; 20 August 2025

Badges

👾 Exploit Exists

What is CVE-2025-20269?

A vulnerability exists in the web-based management interface of Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure, allowing authenticated, low-privileged remote attackers to retrieve arbitrary files from the device's underlying file system. This security gap arises from insufficient input validation in certain HTTP requests, enabling attackers to exploit the flaw through crafted requests. Successful exploits may lead to unauthorized access to sensitive files, posing a significant risk to the security of affected devices.

Affected Version(s)

Cisco Evolved Programmable Network Manager (EPNM) 7.0.0

Cisco Evolved Programmable Network Manager (EPNM) 7.1.1

Cisco Evolved Programmable Network Manager (EPNM) 7.1.2.1

References

https://sec.cloudapps.cisco.com/security/center/content/C...

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd36820

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Aug 20, 2025
Vulnerability published
Aug 20, 2025
Vulnerability Reserved
Oct 10, 2024